Assessments based on real world security testing

The Secure Ideas Difference

Web application testing represents an ever-growing area of IT auditing and assessments that needs constant attention and new skills. As technology evolves in this area, and more organizations come to rely upon web technologies and associated applications to run their businesses, security is increasingly important. To assess these applications, specialized tools for web application vulnerability scanning will assist in finding the majority of vulnerabilities and provide a solid foundation for finding more problems through manual testing.

WebScout's assessment begins the process of securing your application by mapping out the functionality within it. After each function is detected, we determine how it fits within the application and the organization. We probe the application with various discovery techniques to determine the security weaknesses the application exhibits.

After the assessment, our staff review each result-set for accuracy, to remove false positives and negatives, and then summarize the data into a one-page executive summary. This concise summary outlines the most significant areas of concern, giving business executives the information necessary to make business-case risk decisions. The final report also includes a custom report format detailing all of the vulnerabilities discovered during the assessment.

SDLC Testing

Our Engagement Process

Scout subscriptions are a recurring testing model. During each test, our consultants follow a set of procedures that build upon the previous tests. Our process is as follows:

Asset Discovery: Our systems scan the network ranges for hosts and endpoints. This generates a report of target systems. It is also exported to the client for their consumption internally.

Vulnerability Scanning: Our testing and assessment tools will scan the discovered hosts for known vulnerabilities and weaknesses in the configurations. This scanning is based on industry standards.

Manual Assessment: Our consultants review the results of the previous two steps to remove false positives and find any issues missed by the scanning. (This is what differentiates NetworkScout from the common automated tool sets.)

Reporting: Our consultants create and deliver a report that outlines the findings, what they mean to the client, and recommendations on how to remediate the issues.